So, trying to look up some leftover recursive clients in the logs, and I find I’m not familiar with all of the flags.  Some digging later, and I’m led to the source code…

Now, I know that a minus or a plus at the end of the line indicates whether recursion was requested or not.  The others I was seeing, however… -EDC -EC, -ED, etc.  The E seems to be EDNS0, which is fine… the others, I gather, some dnssec mechanisms.  I’m not familiar enough with that, yet.

From the source, though:

(client->signer != NULL) ? “S”: “”,
(client->opt != NULL) ? “E” : “”,
((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) ? “D” : “”,
((flags & DNS_MESSAGEFLAG_CD) != 0) ? “C” : “”);

Signer, Messageextflag_do, messageflag_cd, are what, exactly?  DNSSEC queries?

1. mattias, November 4, 2009:

   Did you ever figure out what the DNS_MESSAGEEXTFLAG_DO flag means?

2. lamerfreak, November 4, 2009:

   I believe this, as far as I know:

   http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions#Recursive_name_servers

   “The process starts when a security-aware resolver sets the ‘DO’ flag bit in a DNS query. Since the DO bit is in the extended flag bits defined by EDNS, all DNSSEC transactions must support EDNS.”

   So it’s checking for DNSSEC support on top of EDNS, if I’m reading it right.